Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

An anonymous reader writes "Anti-secrecy organization WikiLeaks just released a treasure trove of files, that at least for now, you can't read. The group, which has been assisting ex-NSA contractor Edward Snowden after he leaked top-secret documents to the media, posted links for about 400 gigabytes of files on their Facebook page Saturday, and asked their fans to download and mirror them elsewhere."

I might have missed the point, but as I see it, the blackmail part of this is 'leaking to the world'. If the NSA verifies that the files they suspect stolen are in this, then sure they could try to go after wikileaks people - but with the archive widely disseminated, they'd have forfeited the game as the mirrors releases it in its entirety. The encryption just seems more to prevent premature release, as opposed to pretending the NSA has no idea what they have.

Snowden's asylum in Russia in conditioned on him not spilling more U.S. secrets. Until that condition changes or Snowden finds refuge elsewhere, then I suspect Wikileaks will hang onto those keys. If Snowden disappears into a hole, then the insurance files scattered around the globe ensure that the secrets can be released not matter what else happens to him.

That information is presumably already spoiled and the Russians don't really care about him causing any more trouble. The only reason for that particular requirement is so they can pretend to be sympathetic. Truth be told, I'm pretty sure that the Kremlin is tickled pink about all the information that's been released as it makes them look better by comparison.I'm also positive that they're very much aware of how much danger Snowden is in from assassination attempts. The only way the insurance file is going

I would assume the files are encrypted with a symmetric cipher like AES.
Known plaintext attacks are not very effective against symmetric ciphers.
Indeed they're designed to be resilient to chosen plaintext attacks.

That makes sense in an email context, where the objective is to reduce the computational overhead by using a fast algorithm (symmetric key) to encrypt the message, and then you only have to worry about encrypting the key with the much slower asymmetric algorithm. As a side-effect, it also lets you encrypt a message to multiple specific recipients by adding a copy of the symmetric key encrypted with different public keys for each intended recipient, also a nice touch for email.

Nitpick: Nearly all ciphers are symmetric ciphers (except for the asymmetric ones:-)), and many of them are very vulnerable to known plaintext attacks. But there are plenty of symmetric ciphers which are, as far as we know, resistant to known plaintext, chosen plaintext and even more sophisticated attacks. Such as AES-256, which seems to be the cipher used here.

Turns out the NSA has worked out a practical known plaintext break for AES (including -256), it's at offset 459139182 of the insurance file.

Known-plaintext is helpful in cracking certain weak ciphers. One of the criteria for a cipher being strong, is that it *not* be vulnerable to a known-plaintext attack. As far as we know, aes-256 is strong.

Furthermore, cracking the files won't help the NSA. The info in them is likely already well-known to the NSA. It's however unknown to the public. Thus the NSA isn't as much concerned with cracking the encryption, as it is with -avoiding- that anyone else cracks it. (or learns of the key)

Are you talking about a known plaintext attack? Rijndael was accepted as AES because it's immune to such attacks. Of course, protocols using AES can have weaknesses, such as to padding oracle attacks, but that's not really a known plaintext attack, and we don't even know they're using CBC, for example.

No. Proper encryption, say AES in some chaining/feedback mode means you've got pretty much 0 chance of using known data to shortcut the decryption process.

EVERY single bit affects the next. Encrypt the exact same document twice, different output both times due to the salt/IV. Use the same salt, encrypt any file before the document using a chaining/feedback mode, and the document will be different than if it was done alone or with any other document. You do randomized padded at the end of the data to blo

OK, I posted a bit in jest, but do you think the NSA is not jumping on this as well? with the intent to see who is getting it? Not that they're going to "go after" anyone downloading it, but I image they would at least cross reference against their databases. Whatever.
I suppose I should have said "inadvertent gov pawn."

uhhh.. isnt there a threshold of "public" where the noise outweighs the signal ?

There's noise in bittorrent? Weird. I always thought that anyone who was on a torrent was...well...contributing to the signal. The only noise would be those using TOR or something like it, which would be trivial to filter.

Napoleon declared to his troops that a field marshal’s baton was tucked into every soldier’s knapsack, a powerful signal to people conditioned to accept personal limits on their careers as dictated by the class system. So, is this the modern equivalent with a thousand fingers resting upon the decode button in an attempt to deflect the wrath of the NSA onto others?

I never heard that before, so I googled "field marshall baton napoleon" and found your first sentence, word for word, on the second link [leadership...nsider.com]. Quote your sources dude. Don't take credit for someone else's words.

Yes. Yes I am. In fact I am 100% certain. You see, the original author would have complained that he or she wrote it, rather than offering a detailed accounting of how they found it on some website using their "Google-Fu". I really wish Slashdot would get a filtering mechanism that allowed the setting of a SlashID threshold. I've noticed lately that most of the ridiculously brainless posts seem to come from those above about 600,000.

I never heard that before, so I googled "field marshall baton napoleon" and found your first sentence, word for word, on the second link. Quote your sources dude. Don't take credit for someone else's words.

This is fundamentally a political act. The trouble is, there's no scaling back. Unless something happened behind the scenes that is not generally know, this'll be perceived as an escalation.

Gotta wonder why now, that idiot at Time Magazine aside.

The thing is, Western democracies have to get used to the Memory Hole, Cryptome, Wikileakeaks and the rest. You can play whack a mole with them or deal with the fact that people from now on will treat digital information in a way that nation states may not wish they would. This'll have positive and negative consequences but it needs to treated as fact.

True enough, but it's simply publicizing something that likely happened a long time ago. How many people think that Wikileaks kept the file on a laptop in somebody's house? It's always been distributed (at least Wikileaks would be dumber than a politician not to do that).

They probably need to divide that gargantuan thing, 400GB, down into smaller, more manageable, chunks before encrypting it. Then they might get more people cooperating with them. How many people can download and store 400GB in one chunk?

Also, the bigger the chunk, the more easily corrupted, and the corruption takes out the possibility of decrypting the whole thing?

They probably need to divide that gargantuan thing, 400GB, down into smaller, more manageable, chunks before encrypting it. Then they might get more people cooperating with them. How many people can download and store 400GB in one chunk?

As it turns out, plenty of people. I got 20Mbps down and terabytes of free space. It just takes about 55 hours to get all in and plenty of storage. And I have a pretty slow connection by today's standards. Most of my friends have 100Mbps down, meaning the file will be in in about 5.5 hours. It's really affordable by most in Europe.

They probably need to divide that gargantuan thing, 400GB, down into smaller, more manageable, chunks before encrypting it. Then they might get more people cooperating with them. How many people can download and store 400GB in one chunk?

Also, the bigger the chunk, the more easily corrupted, and the corruption takes out the possibility of decrypting the whole thing?

If only there was some kind of error-correcting software that divided files into chunks for transfer; a way to download torrents of bits, if you will.

Shortly after Snowden escaped the U.S., one of the NSA's agents specifically stated that he got out with detailed architectural designs of their entire operation. This might be the payload he was talking about. That agent stated that the U.S. should handle Snowden with kid gloves and offer to forgive and forget in exchange for destroying that data. However, congress did not listen and instead had a knee jerk reaction by going on a witch hunt for him instead.

I seriously doubt that any government would be swayed from taking action against Wikileaks due to the existence of an insurance file. Even if it has damning information, and the government knows it has damning information, the government is too big and proud to care. The only way the insurance file could affect decisions is if it revealed misconduct by specific high-ranking politicians, and these politicians know that their personal ass is on the line. It's human nature. In this case, Wikileaks should drop some hints such that these politicians know that Wikileaks knows, but without spilling too many details.

Every person is first of all about self-preservation. Then anything else. Stay alive to fight another day.

Your statement is that a soldier should never take cover from enemy gunfire, but just expose his chest and fire on. Because that is all a soldier is about. It almost never happens in real life - soldiers have to take cover to protect themselves temporarily to ATTACK LATER. Few exceptions to this, prove the rule.

...but one downside (to Snowden/Wikileaks) of them giving interested government parties the key is then they will know exactly what can be used against them, and can then mitigate against the damage. Right now, the government is just being caught in a snare of lies; each subsequent release of information exposes the prior release's damage control efforts.

Nice to get 400 GB of encrypts. It makes the keys easier to drop. But to work as "insurance", Mr Snowden either must trust other individuals with the keys. Or machines. Somebody/thing must act when he may not be able.

Under certain circumstances (nologin for a week, too many hits on "Snowden arrested|dead") then the individuals or machines spam out the keys. Potentially in waves if the big block has sub-blocks with different encryption keys.

The idea (I think) is that these files will be released in time, but releasing them all at once, but encrypted, is to discourage governments from arresting or killing the high-ups of WikiLeaks. The info will come out, just like it did last time (wasn't the last insurance file the bulk of cables that was eventually released?), but this is a mechanism for doing that while protecting themselves.

The last insurance file was spoiled by a news agency that screwed up handling the private key, and so wikileaks mitigated danger by making the leak obvious so that anyone on it could protect themselves.

It's basically an "oh shit, someone spilled blood in the water and the sharks are on their way, sound the alarm so people can get the hell out of the water."

And personally, I think it was an inside job from an intelligence agency that wished to ruin wikileaks by painting it as reckless, probably figuring that even leaking it to the news under seal was damaging enough that there was nothing more to be lost smearing wikileaks.

The idea (I think) is that these files will be released in time, but releasing them all at once, but encrypted, is to discourage governments from arresting or killing the high-ups of WikiLeaks. The info will come out, just like it did last time (wasn't the last insurance file the bulk of cables that was eventually released?), but this is a mechanism for doing that while protecting themselves.

In this case I believe Snowden holds the final encryption key, not Wikileaks.He has stated he doesn't want to harm the US, and hopes the people or congress steps in and stops the NSA abuse without having to release the most damning evidence. Its not attention whoring, its a pretty good understanding of human nature. The whole discussion would be yesterdays news had he released it all at once. Amazingly, for a young man, he understands that short sharp shocks are easily put to bed by demonizing the source and burying the issue, and a drum beat of news has more effect.

You can see this going on today.After a few political hacks attempting to cast him as a traitor were met with an equal amount of push-back calling him a hero, the administration abruptly changed tactics.

1) They stopped talking about Snowden.2) They have started trying to prove that the spying is actually good for America. (Essentially owning the spying in the hopes the public will go along.)3) They rushed to close embassies on the slimmest of evidence and are hoping desperately that there will in fact be some actual attacks.

So far the terrorists don't seem willing to play along. (In fact I believe the so-called intercepted "conference call" was made up of whole cloth, or was simply the terrorists "playing" the NSA. Since when to terrorists hold conference calls?. The attacks were supposed to happen last week, yet nothing at all is happening that wasn't already in progress in Egypt and Syria).

If conference calls can cause America to close embassies, piss away money like there's no tomorrow and spy on its own citizens then I think we have to conclude that the terrorists are winning.

When you add up everything US citizens have lost, its clear the terrorists have already won big time.

But in all the years of chasing Bin Laden, and all the other terrorists that have been killed or captured when have you ever heard of a conference call? Secret messages, couriers, double blind message drops, and encrypted text messages. Not once conference call.If it happened at all, I'm sure it was orchestrated to see what effect it would have and to determine if the NSA was listening.

But the timing suggests it was totally contrived by the NSA in some sort of childish attempt at self justification with the administration playing along. What is odd, is the press is buying the whole act, they've stopped talking about Snowden. 7th graders could concoct a more believable one act play on a saturday afternoon. The CIA will probably have to pay some useful idiots to toss grenades into the empty embassies when it becomes clear that nothing else was actually planned, and the egg starts running down their collective faces.

They rushed to close embassies on the slimmest of evidence and are hoping desperately that there will in fact be some actual attacks.

This. They thought they could draw media attention away from Snowden and turn public sentiment back to uninterestedly issuing blank checks for the executive when it comes to terrorism. Recall that just earlier that week (or perhaps it was earlier the same day), some poll results found that more Americans were concerned with the domestic surveillance program than with terrorism.

There's something to be said about the timing. But there's even more to be said about the reaction. That it was so over-the-top pretty much made it clear that the right people were getting worried.

I wouldn't be surprised if some 9/11 consipracy-style event was to occur real soon, that it's in the works even now. After all, the FBI could have a president assassinated, and then have congress cover it up afterwards. What's a few hundred or thousand civilians, killed by a religious radical whose source for the raw materials could never be found? And then there'd be no debate about domestic surveillance anymore.

But the government has worked hard to make sure it doesn't happen. Because "responsible disclosure" would require the governments involved to work with and support wikileaks, and they don't want to be seen to have done that.

I don't give a fuck how many women Bill Clinton and Anthony Wiener have sex with. As long as it's between two consenting adults, it's not my problem. It would only becomes my problem if they started asking for government benefits because of their sex lives.

First, Wikileaks isn't just about making information open. They are about giving that information the most impact possible. If they release 400GB of damning stuff, do you think news organizations around the world will be able to stay on point, or will the primary story just be an unhelpful "Wikileaks releases 400GB of information"? It will eventually all get out, but in smaller, focused chunks. They also like to scrub information first so they don't end up blowing military or covert ops that could result in

If their "mission" is openness - and the info is that damning - shouldn't they be publishing it? I mean, isn't that sort of the point of Wikileaks? Or just attention whoring?

I suspect they will expend a lot of hours working with outside entities to redact the documents of information that would threaten their sources or private citizens or anyone's life before releasing them, and getting their fans to mirror encrypted files is an "Insurance policy" ---- where powerful forces working against Wikileaks may become aware of the leak; Wikileaks folks have probably designed some elaborate scheme, contingency plan, or something strange of that nature to get the keys released in case of emergency: corporate or government interference, coercion, arrest, or kidnapping of the Wikileaks folks working to release redacted documents.

Getting 400 gigabytes of data uploaded to the internet in a pinch is no easy task.

But posting a 100 KB key far and wide to unlock 400 gigabytes of pre-distributed data, is a trivial thing.

Depends on the nature of the data and the reason for the safeguarding. The implication they are probably trying to make based on recent events is that Wikileaks has ~400GB of data that was obtained by Edward Snowden, all of which is being widely mirrored as we discuss it, and could become public knowledge via the simple means releasing a password or key file. At the very least, that's potentially a pretty big incentive for the US and its allies not to mess with any attempt at relocation that Edward Snowde

It's more likely that they've released the key for this file to the people they want insurance from. "See what we've got? All we need to do is release the key and everyone will know." They release these keys to a small set of folks around the world so they can publish the key if they need to. I bet that initial distribution list includes a senator and a head fo the CIA or something like that.

I'm as real of an American as can be done. What I want is a more focused government. I do not want the militarization of local police. I do not want decisions that affect the lives of me and others made behind closed doors. If the NSA programs were more transparent and if they did no lie about what they are doing, it would not be as much of an issue. I do not want a government that itself finds too complex to manage and uses that as an excuse to not do anything. If they can not do the job, they should give the job to states or counties or towns.

As a real American, I want to be able to trust my government. Any faith in the government is only faith that it will not collapse in on itself. There is no faith in supporting those that pay into it, us tax payers. Those that do not pay tax are paid for the security of the tax payers, so they are also included.

If you want a "focused government" then you are no real American. Hell, you don't even comprehend the founding principles of the Constitution and certainly have no grasp of the Declaration of Independence. If you had you would realize the error of your desires.

Gay rights is not a good litmus test of human rights. I find womens rights to be a better gauge. And if he isn't gay, why should he use that as a metric for human rights? In the US, if we are better to our gays, and worse to our (something else), does that make us any better?

How about "hadicapped". Many places don'e have ADA-like laws. They have handicapped spaces in front of the bank with 2 flights of stairs to get up, but a "blacks-only" separate but equal entrance in the alley out back.

And Russia doesn't seem "so bad". Homosexuality is legal and has been for 20 years. The Russian people seem more hostile towards it, but the law makes it legal. Picking one "fringe" cause and using that as a litmus test misses the greater issue. The main problem with Russia at the moment is that nobody has free speech. A straight person supporting gay rights with speech only is breaking the law in some areas (depending on how they support it). That's not a gay rights issue, that's a human rights issue. Making it about gay rights misses the point. But, based on the rest of your post, you were deliberately missing the point.

You act like they are treated as slaves. I attended the wedding of my brother-in-law to his now-husband just 4 weeks ago, right here in the good ol' United States. I don't recall either of them being tied up with chains (although, he did wear a rainbow feather boa at one point...).

You are wrong in your irony. Wikileaks is not an anti-secrecy organization. They are a media organization (by their own account [wikileaks.org]). They are against secrecy when it's being used to conceal dishonesty and unjust practices by governments (often to mislead the population). Wikileaks' own leak submit system relies heavily on secrecy to protect the sources from persecution, so you are pretty late with your remark.

Then again be a hero or be a zero. What Bradley Manning and Edward Snowden have done for the people of the world will be remember for a very, very long time to come and remembered positively, long after pseudo celebrities, corrupt politicians and the rich and greedy have disappeared into by-lines remembered only for the worst things they did.

A reminder that secrets always have a way of coming out and being the hero that released them is far better than being another minion zero accessory skulking in the